Sharing-and-Visibility-Architect Salesforce Certified Sharing and Visibility Architect (SU24) Questions and Answers

Setting the Request object’s OWD to Public Read/Write is the simplest and most efficient way to allow all employees to collaborate on requests. Option B is incorrect, since granting Modify All Data permission on all profiles would give too much access and affect other objects as well. Option C is incorrect, since creating a criteria-based sharing rule to share all records with all users would be redundant and inefficient. Option D is incorrect, since setting the OWD to Public Read Only would not allow users to edit requests3.

Programmatic sharing is a way to use Apex code to create or delete sharing rules for records. Programmatic sharing is useful when2:

An external system manages user record access and you need to synchronize the access settings in Salesforce.

The native sharing functionality does not meet your complex or dynamic sharing requirements.

The two methods that an Architect could use to enable this sharing requirement are A and D. Option A allows the account manager to access the account once they are added to the account team, which is a type of implicit sharing5. Option D allows the account management group to access the account based on a criteria that matches the type field value. The other options are either not relevant or not efficient.

The probable cause for this error is lock contention due to system-initiated sharing rule recalculation. When there are mass updates to fields that affect sharing rules, such as territory or role fields, Salesforce automatically recalculates the sharing rules to reflect the changes. This can cause lock contention on group membership records, which store the users and groups that have access to records through sharing rules. The other options are not likely to cause this error.

Three advanced tools that Salesforce can enable for large-scale role hierarchy realignments in organizations with large data volumes are partitioning by divisions, deferred sharing calculation, and skinny table indexing. Partitioning by divisions allows the organization to segment data into logical sections based on business criteria, which reduces the number of records that need to be recalculated when role hierarchy changes. Deferred sharing calculation allows the organization to postpone the sharing recalculation until a scheduled time, which avoids impacting users during peak hours. Skinny table indexing allows the organization to create custom indexes on frequently used fields, which improves query performance and reduces locking contention

Susan and users with the View All Data permission and Susan and users with access to the record are two statements that accurately describe who can view the file by default. When a file is posted to a record’s feed, it inherits the sharing settings of that record. Therefore, only users who can view the record can view the file. Users with the View All Data permission can view all records and files in the organization. Option C is incorrect, since users with a shared chatter post link to the file can only view the file if they have access to the record as well. Option D is incorrect, since Susan is not the only one who can view the file, but also users who have access to the record or the View All Data permission.

The license recommendation that will meet distributor needs is Partner Community. Partner Community licenses are designed for users who are not employees of UC, but are part of their partner ecosystem, such as distributors, resellers, or suppliers. Partner Community users can access standard CRM objects such as accounts, contacts, leads, opportunities, cases, and campaigns. They can also collaborate with other partners and UC employees using Chatter and Communities. Sales Cloud licenses are for internal sales users who need full access to standard CRM and custom objects. Customer Community Plus licenses are for high-volume customers who need access to standard CRM objects and custom objects, but not opportunities. Customer Community licenses are for low-volume customers who need access only to custom objects and a subset of standard CRM objects.

The license type that must be used by community users who want to collaborate on opportunities is Partner Community. As mentioned above, Partner Community licenses allow users to access standard CRM objects such as opportunities and collaborate with other partners and internal users using Chatter and Communities. Sales Community licenses do not exist as a separate license type. Customer Community and Customer Community Plus licenses do not allow users to access opportunities, as they are intended for customer service scenarios rather than sales scenarios.

To mitigate the risk of improper access to records when using Apex managed sharing, the Salesforce architect should recommend using runAs system method in test classes and with Sharing keyword in Apex classes. The runAs system method allows testing the code as different users with different profiles and permissions, which can help verify that the sharing logic is working as expected2. The with Sharing keyword enforces the record visibility rules for the current user context, which can help prevent unauthorized access to records that are not shared with the user

 The development team missed using the with Sharing keyword in Apex classes to enforce sharing rules evaluation, and the isAccessible() method in Apex classes to check field accessibility. The with Sharing keyword ensures that the Apex code respects the sharing rules defined for the current user, while the isAccessible() method checks if the user has read access to a specific field1. The run as method in test class is used to test whether a user can perform certain actions, not to enforce permissions2. The isSharable keyword in Apex classes does not exist.

 Creating a criteria-based sharing rule to give access to the public group for high-value opportunities and creating a public group and assigning the auditors to the group are the best options to give access to high-value opportunities to a team of auditors distributed through the organization. Option A is incorrect, since putting the auditors as the highest level of the role hierarchy would give them access to all opportunities, not just high-value ones. Option B is incorrect, since adding the auditors to the default opportunity team would require manual configuration and maintenance

The architect can configure the system to support the requirements by using a sharing rule. A sharing rule is a declarative way of extending record access to users or groups of users based on criteria such as ownership, role, or field values3. In this case, the architect can create a sharing rule that grants read or read/write access to all records owned by customer community users to UC users in the customer support role. A sharing set is used to grant access to community users based on a common account or contact, not to internal users. A share group is used to share records with groups of community users who have Customer Community Plus or Partner Community licenses, not with internal users. Apex sharing is used to programmatically share records when declarative sharing cannot fulfill complex requirements, but it is not necessary in this case.

According to this source, users with access to a child case have read-only access to the parent account by default, and owners of a parent account have access to child opportunities by default. The other options are not implicit record access mechanisms.

According to this source, creating a lookup relationship from the Loan object to the User object and using a trigger on the Loan object to create the corresponding record in the Loan share object is the best way to meet the requirements. The other options will not work as expected or will not be scalable.

To assign opportunities to a territory for an account that meets criteria for two Enterprise Territory Management territories, the territory with the highest Territory Type Priority is automatically assigned to the opportunity. This is how Salesforce resolves conflicts when an account matches multiple territories. Creating a criteria-based sharing rule or a Process Builder process will not work, as they do not affect the territory assignment. Creating an Apex class that implements Filter-Based Opportunity Territory Assignment will not work, as it is only applicable for accounts that do not match any territory

The access that has to be given to partner users to access records belonging to users in their account at their same role or lower in the role hierarchy, for Cases, Leads, Opportunities and Custom Objects is Super User Permission2. Super User Permission is a profile permission that enables partner users to act as super users for their accounts2. Super users can view, edit, and delete records that they do not own within their account.

When assigning access level for a record using Apex Managed Sharing, you can only use ‘Read’ or ‘Edit’ values. Using ‘All’ or ‘None’ values will cause a DML exception on insert to the database.

The system permission in their profile that enabled the users to see all list views is manage public list views. This permission allows users to create, edit, and delete public list views, as well as view all list views shared with them or with their groups. To restrict visibility to the respective list views, the system administrator should remove this permission from the users’ profiles and assign it only to those who need to manage public list views

Content delivery is a feature that allows users to share files with customers and protect them with a password. Setting up an experience cloud site would require additional configuration and licensing. Utilizing an AppExchange product would introduce a dependency on a third-party solution.

 Territory Model State is the feature that can help UC stay within their org limits. It allows them to create multiple territory models and activate only one at a time. The inactive models do not count towards the org limit

A new AccountShare record is created with Row Cause as “Manual” and Access Level as “Read/Write” when Paul manually shares the record with John. This record grants John edit access to the account owned by Paul. Option B is incorrect, since an existing AccountShare record is not updated, but a new one is created. Option C is incorrect, since the Row Cause is not “Owner”, but “Manual”. Option D is incorrect, since an existing AccountShare record is not updated, but a new one is created.

The side effect of this approach is that sales reps on the same team will have read access to the accounts for opportunities owned by their team members. This is because owner-based sharing rules grant access to both the parent and child records of the same object. For example, if a sharing rule grants access to opportunities owned by a certain role, it also grants access to the accounts associated with those opportunities. All sales reps will not have read access to accounts for all opportunities, as the sharing rules are based on ownership. Sales reps on the same team will not have edit access to the accounts for opportunities owned by their team members, as owner-based sharing rules only grant read or read/write access to child records, not parent records. All sales reps will not have read access to all accounts, as the account organization-wide default is private.

Creating a Sharing set for the Distributor profile to grant access to the Delivery object is the correct way to share records with users in a partner community. Sharing sets allow you to share records based on a common account or contact2. Criteria-based sharing rules are not available for partner communities3.

 Searching for external users is the community functionality that is impacted by having the customer user visibility turned off. When customer user visibility is turned off, community users cannot find or interact with other community users in global search, people search, or chatter. Option B is incorrect, since updating their user profile is not affected by customer user visibility. Option C is incorrect, since creating new customer community users is not affected by customer user visibility. Option D is incorrect, since searching for internal users is not affected by customer user visibility.

According to this source, submitting to Force.com Security Scanner, using web application security tools, and using debug logs to check hijacked requests are some of the ways to make sure Visualforce pages are secure. The other options are not sufficient or recommended.

Sharing the list views with the appropriate public group and sharing the list views with the appropriate role in the role hierarchy are two ways that UC can hide lists that are not relevant to an individual user. List view sharing allows users to share list views with other users based on public groups, roles, subordinates, or individual users. This way, users can only see list views that are relevant to them and their work. Option A is incorrect, since sharing list views with a queue is not possible. Option B is incorrect, since sharing list views with individual users would be tedious and inefficient.

Setting the organization-wide default on Shipment to Private, creating a trigger to update the Account record with the shipment information, and using a lookup relationship to Account are the best recommendations to accomplish this requirement. This way, the Marketing team can see the shipment information on the Account record, but not the Shipment records themselves. Option A is incorrect, since setting the organization-wide default on Shipment to Public would give access to all Shipment records to all users. Option B is incorrect, since using a master-detail relationship to Account would inherit the sharing settings from Account, which may not be Private. Option C is incorrect, since using a master-detail relationship to Account and setting the organization-wide default on Shipment to Controlled by Parent would have the same effect as option B.

To audit user setup in Salesforce, the team needs to have both View Setup and Configuration and View All Users permissions. View Setup and Configuration allows them to access the setup menu and see the user profiles, roles, and permission sets. View All Users allows them to see all the user records and their details, such as login history and assigned licenses

The report owner is the only one who can view and run the report that is saved in the “Private Reports” folder. Option A is incorrect, since there is no such thing as the “My Private Reports” folder in Salesforce. Option B is incorrect, since the role hierarchy does not affect the access to private reports. Option D is incorrect, since the “View All Data” permission does not grant access to private reports.

 To grant the sales managers access to the customer invoices data, the architect should control the invoices object permission on the sales manager’s profile. This will allow the sales managers to view and query the external object records, as long as they have access to the parent account records. Creating a sharing set or a sharing rule will not work, as they are not supported for external objects. Using manual sharing will not work, as it is not available for external objects

The Field Accessibility Viewer is a tool that allows you to see how a field is visible or editable for a specific profile or permission set. You can also see which page layouts and record types include the field. This is a quick way to determine the field accessibility settings for different users without logging in as each user profile or clicking on each profile.

The two options to propose a solution to meet the requirements are Scheduled Apex job to remove access and Opportunity team to share opportunities with sales managers. Scheduled Apex job allows developers to run Apex code at a specified time, which can be used to revoke the sharing access after two weeks. Opportunity team allows users to grant access to other users who work on the same opportunity1. Apex Sharing and Sharing Rules are not suitable options because they do not support automatic expiration of sharing.

A workaround to ownership data skew is to minimize possible performance impacts by not assigning the user(s) to a role. Ownership data skew occurs when a single user owns a large number of records (more than 10,000) of an object, which can cause performance issues when sharing calculations are performed. By not assigning the user to a role, you can prevent the sharing rules from being applied to the records owned by that user, and reduce the number of rows in the sharing tables.

To reduce redundant leads and restrict their editing and reassignment, a Salesforce Architect should recommend implementing a private OWD on Lead. A private OWD means that only the owner of the lead record and users above them in the role hierarchy can view, edit, or transfer the lead. This will prevent duplicate leads from being created by other users, and also ensure that only the lead owner can modify or reassign the lead. Implementing a public read only OWD on Lead will not work, as it will allow other users to view the lead records, which may lead to duplication. Implementing a public read only/transfer OWD on Lead will not work, as it will allow other users to transfer the lead records to themselves or others. Implementing a public read/write OWD on Lead will not work, as it will allow other users to edit or reassign the lead records.

To share a report or dashboard folder with other users in the organization, you can use Public Groups or Roles4. Profiles and Teams are not available options for sharing folders.

Creating a Share Group based on the sharing set created for the Customer Community User Profile is the best way to give support representatives access to Container and Case records owned by Customer Community users. Share Groups are groups of users who have access to records based on a sharing set. Sharing sets are settings that grant community users access to records that have a lookup relationship to their user record1. Creating an ownership-based sharing rule, creating a criteria-based sharing rule, and relying on the role hierarchy are not options that can achieve the same result.

The Grant Access Using Hierarchies option on Shipment Sharing Settings allows users above the owner in the role hierarchy to have the same level of access as the owner. If this option is disabled, the role hierarchy will not grant access to the Shipment records, even if it is configured correctly. Therefore, the answer A is correct and the other options are incorrect

The best way to troubleshoot this issue is to view Field Accessibility in the Object Manager. This will allow the admin to see how the field-level security settings affect the visibility of the field for different profiles and record types. The other options are not helpful, because:

Reviewing changes to Account record types will not show why a field has disappeared from the Account page, unless the field is dependent on a record type that has been deactivated or modified.

Logging in as user and checking several Accounts will not isolate the problem records, because the issue is related to field visibility, not record access.

Running a Who Sees What report will not help, because this report only shows how sharing settings affect record access, not field visibility.

The likely cause of this issue is that sales users profile does not have access to the remaining fields. Profile permissions determine what users can do with records, such as create, read, edit, or delete. If sales users profile does not have read permission for certain fields on the Invoice object, they will not be able to see those fields on the record detail page3. Page layout assigned to sales user profile, org-wide sharing settings, and role-based sharing are not likely causes of this issue.

Sharing the folders with the “VP of Sales” Role and Subordinates and sharing the folders with a “Sales Managers” Public Group are two ways that UC can grant access to sales managers to automate access to these Reports and Dashboards folders. Folder sharing allows users to share reports and dashboards with other users based on roles, subordinates, public groups, or individual users. Option A is incorrect, since sharing the folders with lowest roles in the role hierarchy would not give access to superiors automatically, but only to subordinates. Option C is incorrect, since sharing the folders with a queue is not possible.

The territory with the highest territory type priority is automatically assigned to the opportunity when an account meets criteria for multiple territories4. Option A is incorrect, since creating a process builder process to update the territory field on the opportunity would be unnecessary and complex. Option C is incorrect, since creating an Apex class that implements Filter-Based Opportunity Territory Assignment would be an advanced and custom solution that is not required in this scenario. Option D is incorrect, since creating a criteria-based sharing rule on the opportunity to assign it to a territory would not work, as sharing rules do not assign territories5.

There is an Account ownership data skew problem, which could be the reason for this problem. Data skew occurs when a large number of records (more than 10,000) are owned by a single user or belong to a single role. This can cause performance issues when accessing or updating those records, as well as when recalculating sharing rules or changing ownership. In this scenario, since each donation rep owns over 50,000 donor accounts, there is a significant data skew that affects the system performance. Option A is incorrect, since the donation reps access to the assigned accounts is not a problem by itself, but rather a consequence of data skew. Option B is incorrect, since Salesforce sharing recalculation kicked off is not a problem by itself, but rather a consequence of data skew. Option D is incorrect, since the Account (donor) object OWD being Private is not a problem by itself, but rather a consequence of data skew.

A sharing set is the best way to share cases with partner users based on a common account. Sharing sets are available for Partner Community licenses and can grant access to related records using predefined criteria1. Option A is incorrect, since changing the external OWD to public read only would give access to all cases to all partner users, not just the ones related to their account. Option B is incorrect, since sharing rules are not available for partner users. Option C is incorrect, since the role hierarchy does not apply to partner users

The error occurred because the trigger handler class is using ‘‘with sharing’’ and the user does not have access to the orders related to the opportunity. The ‘‘with sharing’’ keyword enforces the sharing rules that apply to the current user. This means that if the user does not have access to a record, they will get a permission error when trying to create or update it1. The trigger should use ‘‘without sharing’’ keyword instead, which ignores the sharing rules that apply to the current user. The trigger should not use RunAs(), IsCreateable(), or no sharing keywords as they will not prevent the error from occurring.

 Setting the OWD for internal users to Public Read Only is the simplest and most efficient way to give access to all internal employees to the ServiceFeedback object. Option A is incorrect, since creating a trigger on ServiceFeedback to change ownership to an internal employee would be complicated and affect the data quality. Option B is incorrect, since ensuring all the internal users are above the partners in the role hierarchy would not work, as the role hierarchy does not apply to partner users. Option C is incorrect, since creating an owner-based sharing rule for all ServiceFeedback records owned by partners would be redundant and inefficient

Deleting the public link is the best way to ensure that the potential customers do not have access to the file after the meeting. Renaming the file, deleting the file, or moving the file to another folder will not affect the public link, which will still point to the file

The impact of these sharing settings is that Sales Engineers Managers and their managers in the role hierarchy will also have access to these records. This is because sharing rules extend access to users in public groups, roles, or territories. The access granted by a sharing rule is inherited by users above those users in the role hierarchy1. Subordinates of Managers who have Sales Engineers in the public group, Sales Engineers that have a similar role of the Sales Engineers of the public group, and Sales Engineers direct reports will not have access to these records unless they are explicitly granted by other means.

To give users in the partner user role access to all Case and Container records owned by any user at the same distributor, an Architect can give super user permission to the individual partner users. Super user permission allows partner users to access data owned by other partner users belonging to the same account or below them in the role hierarchy. Creating an ownership-based sharing rule will not work, as it will share records based on the owner’s role or territory, not their account. Creating sharing sets will not work, as they are only available for Customer Community licenses, not Partner Community licenses. Creating a Permission Set granting “View All” permission to Case and Container records will not work, as it will give access to all records in those objects, regardless of their owner or account.

Cloning the Sales Rep profile, adjusting settings, and assigning the pilot users the new profile is the optimal way to grant only this Sales Reps access to the new functionality, while hiding it from other users. This way, the pilot users can have different permissions and access than the other Sales Reps who are not part of the pilot. Option B is incorrect, since revoking access to legacy function in the Sales Rep profile and creating a permission set for the new functionality would affect all Sales Reps, not just the pilot users. Option C is incorrect, since creating a permission set to grant access to the new functionality and hide the old functionality would not work, as permission sets cannot revoke access. Option D is incorrect, since creating new user records for the pilot user that they will use for the pilot would be unnecessary and inefficient.

List views are a way to filter and display records of a specific object based on certain criteria. List views can be shared with all users, a group of users, or only the owner of the list view. To share a list view with a group of users, such as sales executives who specialize in closing problematic deals, the architect can recommend creating a public group that includes those users and sharing the list view with that public group. Therefore, the answer B is correct and the other options are incorrect 

Using Account teams, Opportunity teams, and Case teams is the best way to achieve these requirements. Account teams allow you to share accounts and related records with a group of users. Opportunity teams allow you to share opportunities with a group of users who can have different levels of access. Case teams allow you to share cases and related records with a group of users who can have different roles and levels of access. Using Sharing rules to share cases with sales associates will not work, because sharing rules can only be based on record owner or criteria, not on account team membership. Using Account Teams to define access to accounts as well as opportunities and cases related to accounts will not work, because account team members can only have read-only access to cases by default.

The field has been configured for encryption, which might cause it to not show up on the list of available fields for creating a criteria-based sharing rule. Encrypted fields are not available for sharing rules, as they may contain sensitive data that should not be exposed. Option B is incorrect, since the architect does not need permission to Compliance fields to create a sharing rule. Option C is incorrect, since the architect’s profile does not need field-level security for this field to create a sharing rule. Option D is incorrect, since fields with validation rules are available for sharing rules.

The Referral object OWD is public Read/Write, which could be the technical reason for the recruiter not finding the share button. When an object’s OWD is public Read/Write, all users can view and edit all records of that object, so there is no need for manual sharing. The share button only appears when an object’s OWD is private or public Read Only. Option A is incorrect, since the Referral object OWD is not private. Option C is incorrect, since the Referral object OWD is not public Read Only. Option D is incorrect, since public Full Access is not a valid OWD setting.

Creating a permission set that grants the View All permission for Opportunity is the best approach to meet these requirements, as it will allow the sales reporting team members to view all opportunity records without modifying their profiles. Creating a permission set that grants the View All Data permission will work, but it will also grant access to all other objects, which may not be necessary or secure. Giving the View All Data permission to the Sales Reporting profile will work, but it will also affect all users with that profile, which may not be desired.

According to this source, Apex managed sharing is the best way to share records based on complex logic that can’t be handled by declarative sharing. In this case, the architect can use Apex code to create a trigger on the Job Interview object that will create a share record for the interviewer user when the lookup field is populated. The other options are not feasible or scalable.

 Adding the user to the Sales Team for the Presentation record will not work, as Sales Teams are only available for standard objects, not custom objects. Giving Edit rights to the Presentation record via a Permission set will not work, as Permission sets are assigned to users, not records. The best option is to use a trigger on Presenter junction object that uses Apex Managed sharing to add or remove access to the related Presentation record based on the junction object records.

When adding account team members to an account, the user can see the opportunity access options that are equal to or less than the organization-wide default access level for the opportunity object3. Since the organization-wide default access level for the opportunity object is Public Read Only, the user can see Read Only and Read/Write options. Private and Private and Read Only are not valid options.

Creating a reusable SOQLQueries class without specifying “With” or “Without Sharing” on the class or specifying “With Sharing” or “Without Sharing” on the methods are two ways to meet the requirements. The sharing mode of the class or method will depend on the context of the calling code, which can be either “With Sharing” or “Without Sharing”. Option B is incorrect because the runAs() method is only available in test methods and does not change the sharing mode. Option D is incorrect because it requires creating two separate classes for different sharing modes, which is not reusable.

The best option for the architect to make sure Universal Health stays compliant is B. Enabling Salesforce Shield Platform Data Encryption and marking the patient notes field as encrypted will ensure that the data is encrypted at rest as well as in transit, using a tenant secret that only Universal Health can access. This will also allow them to use standard Salesforce features and functionality with the encrypted data. The other options are either incorrect or not optimal.

Only the user who uploaded the PDF to the Files Home private library can view it, as private files are not shared with anyone else1. Users with View All Data permission or users above him/her in the Role Hierarchy will not be able to view the private file, unless the user explicitly shares it with them.

The roles that Universal Containers has set for Partners users who will see records owned by partner users in roles below them in the hierarchy are Executive, Manager, and User2. These are the default roles that are created when you enable Partner Super User Access in Salesforce2. Partner Super User Access allows partner users to access records belonging to users in their account at their same role or lower in the role hierarchy, for Cases, Leads, Opportunities and Custom Objects.

 The option that supports this requirement is B. To restrict users’ access to export reports, the administrator can remove the “Export Reports” user permission from their profile or permission set. The “Report Manager” user permission is not related to exporting reports, but to creating and managing report folders.

The reason why there are many duplicate Account records and numerous sharing rules created in Salesforce is that the Organization-Wide Default for the Account object is Private4. This means that users can only see their own accounts and those shared with them explicitly by sharing rules or other means. This could lead to users creating duplicate accounts without knowing that they already exist in Salesforce. If the Organization-Wide Default for the Account object is Public Read/Write or Public Read Only, users would be able to see all accounts in Salesforce and avoid creating duplicates. The Object permissions for the Account object are not relevant for this question.

Programmatic sharing is the best option to share accounts automatically based on a lookup field, as it allows for more flexibility and scalability than manual sharing, account teams, or criteria-based sharing. Manual sharing is not automatic and requires user intervention. Account teams are not suitable for large numbers of users and accounts. Criteria-based sharing does not support lookup fields as criteria

Using Encryption Policy and contacting Salesforce to update the existing records so that their field values are encrypted is the best way to proceed with this new policy change, as it allows admins to encrypt standard and custom fields using Platform Encryption without changing existing business processes3. Using Classic Encryption will not work, as it only supports a limited number of fields and requires changes to the data model and code. Waiting for an email from Salesforce indicating the field values are encrypted will not work, as encryption policy does not automatically encrypt existing records.

Public groups are used to grant access to a set of users who do not have a predefined relationship in the role hierarchy or territory hierarchy. Sharing sets are used for community users, not internal users. Role hierarchy is used to grant access based on the user’s position in the organization.

 The optimal solution for an architect to recommend is to grant super user access to the lead agents as part of the community user setup. Super user access allows community users to access records that they do not own within their account or role hierarchy. This way, the lead agents can see the opportunities for all of the other agents at the dealer without changing the organization-wide defaults or creating any sharing rules

The correct format for creating share objects for custom objects in Apex code is MyCustomObject__Share. Share objects are used to grant access to individual records that are owned by another user or queue. For standard objects, the share object name is ObjectNameShare, such as AccountShare or ContactShare. For custom objects, the share object name is ObjectName__Share, such as MyCustomObject__Share or Project__Share.